By Joris Evers, 1 February 2007 09:15
NEWS
A security company has found a pair of bugs in Microsoft's Windows Mobile which, if exploited, could crash phones and other devices running the software.
The vulnerabilities lie in Windows Mobile Internet Explorer and Windows Mobile Pictures and Video, Trend Micro said in a pair of security alerts. Viewing a rigged web page or malicious JPEG image file on a Windows Mobile device will cause it to fail, according to the security vendor.
Todd Thiemann, director of device security marketing at Trend Micro, said: "Both of these vulnerabilities are potential denial of service factors. What we're seeing over time is an uptick in the threats against smart phones, particularly those running Symbian and Windows Mobile."
Trend Micro has told Microsoft about the problems and has not publicly shared the vulnerability details. Thiemann said: "The sky isn't falling. Nobody out there is aware of this." The company doesn't expect any imminent attacks exploiting the problems, he said.
Microsoft is aware of the issues and is investigating them, according to a company representative. If needed, the software maker will provide an update to hardware makers for distribution to people who use the Windows Mobile devices, it said. The problems affect Windows Mobile 2003 and Windows Mobile 5.0, according to Trend Micro.
While the number of threats to phones today is low, security experts and analysts agree the situation is likely to change with the advent of smart phones running common operating systems. Security companies, including Trend Micro, are hawking software to shield phones against possible attacks.
In addition to the Windows Mobile issues, Microsoft is also investigating a report of yet another vulnerability in Word. Symantec and the French Security Incident Response Team, or FrSirt, say they have spotted a fifth zero-day flaw in the word-processing application. Microsoft, however, said the problem is previously known.
A company representative said: "Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue."
The newest problem allows an attacker to hijack systems running Word 2003, Symantec said in an alert. The company has advised people to make sure their security software is up to date and urges caution when opening Word documents.
Joris Evers writes for CNET News.com
Comments
There is 1 comment. Join the discussion
1. Rob
This brings to the light, what I think is a serious disadvantage to the mobile platforms, especially the MS one.
We have to wait for MS to distribute the patch to the hardware vendors, it's then up to them to distribute to users, this will obviously take a lot longer then surfing to the MS update site or similiar. These 2 bugs are fairly minor by the sounds of it but what happens when a severe bug is found and the info is available in the wild.